Comment on Samsung brings ads to US fridges
MangoPenguin@lemmy.blahaj.zone 1 month ago
Maybe block the DoH endpoint and in theory the device might fall back to normal DNS, dunno if that would work.
cmnybo@discuss.tchncs.de 1 month ago
DoH is tricky to block since it’s just using HTTPS on port 443. The only options are blocklists of known servers and attempting to detect it with deep packet inspection.
MangoPenguin@lemmy.blahaj.zone 1 month ago
Yeah gotta inspect the traffic and block whatever hostnames it uses.
WhyJiffie@sh.itjust.works 1 month ago
and also block outgoing connections to port 53 when it’s not the pihole device’s allowed IP
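
The two blocks discussed in this thread, written as an nftables ruleset for the router. This is an added example, not posted by any commenter; the Pi-hole address, the interface names `lan0`/`wan0`, and the short list of DoH resolver addresses are assumptions to replace with your own values and a maintained blocklist.

```nft
# Added example (constructed values): adjust addresses and interface names.
define PIHOLE4 = 192.168.1.2    # assumed LAN address of the Pi-hole

table inet dns_lockdown {
    # Sample of well-known public resolvers that also serve DoH.
    # In practice, populate this set from a maintained DoH blocklist.
    set doh_v4 {
        type ipv4_addr
        elements = { 1.1.1.1, 1.0.0.1, 8.8.8.8, 8.8.4.4, 9.9.9.9 }
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Only the Pi-hole may send plain DNS out to upstream resolvers.
        ip saddr $PIHOLE4 udp dport 53 accept
        ip saddr $PIHOLE4 tcp dport 53 accept

        # Any other LAN host sending DNS straight to the internet is
        # rejected (not dropped) so the client sees the failure quickly.
        # The counter shows which rule is being hit by bypass attempts.
        iifname "lan0" oifname "wan0" udp dport 53 counter reject
        iifname "lan0" oifname "wan0" tcp dport 53 counter reject

        # HTTPS to known DoH resolver addresses is rejected for everything
        # except the Pi-hole, which may itself use DoH upstream.
        iifname "lan0" oifname "wan0" ip saddr != $PIHOLE4 ip daddr @doh_v4 tcp dport 443 counter reject with tcp reset
    }
}
# IPv4 only: an IPv6-capable network needs matching ip6 rules and set.
```

The address set only covers resolvers already on the list; a device using its vendor's own DoH hostname still has to be found by inspecting its traffic, as noted above.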